Apple WebKit Cross-Origin Data Exfiltration Vulnerability

Vulnerability

A vulnerability in WebKit's cookie management allows cross-origin data exfiltration. This issue affects Safari and multiple Apple operating systems, including watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18, iPadOS 18, and tvOS 18. The vulnerability arises from inadequate state management, which a malicious website could exploit to access sensitive information across different origins.

Impact

Exploitation of this vulnerability could lead to unauthorized access and exfiltration of user data from one origin to another, potentially allowing malicious websites to access sensitive information that should be protected by the same-origin policy.

Remediation

Users can update to the latest versions of watchOS, macOS, Safari, visionOS, iOS, iPadOS, and tvOS to address this vulnerability. Instructions for updating can be found on the Apple Support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.